FACTOID # 12: It's not the government they hate: Washington DC has the highest number of hate crimes per capita in the US.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
   
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Exploit (computer security)

An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack. Computer software (or simply software) refers to one or more computer programs and data held in the storage of a computer for some purpose. ... A software bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from behaving as intended (e. ... Glitch City, a Pokémon programming error that creates a jumble of tiles. ... In computer security, the word vulnerability refers to a weakness or other opening in a system. ... Privilege escalation is the act of exploiting a bug in an application to gain access to resources which normally would have been protected from an application or user. ... A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ...

Contents

Classification

There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A 'remote exploit' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A 'local exploit' requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering method. A system administrator, or sysadmin, is a person employed to maintain, and operate a computer system or network. ... A client is a computer system that accesses a (remote) service on another computer by some kind of network. ... Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. ...


Another classification is by the action against vulnerable system: unauthorised data access, code execution, denial of service. A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. ...


Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root. On many computer operating systems, superuser, or root, is the term used for the special user account that is controlled by the system administrator. ...


Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete for newer versions of the software. This is the reason why some blackhat hackers do not publish their exploits but keep them private to themselves or other malicious crackers. Such exploits are referred to as 'zero day exploits' and to obtain access to such exploits is the primary desire of unskilled malicious attackers, often nicknamed script kiddies. In computing, a patch is a small piece of software designed to update or fix problems with a computer program or its supporting data. ... A black-hat is a term in computing for someone who compromises the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network. ... It has been suggested that this article or section be merged into Zero day. ... In hacker culture, a script kiddie (occasionally script bunny, skidie, script kitty, script-running juvenile (SRJ), or similar) is (sometimes) a derogatory term used for an inexperienced malicious cracker who uses programs developed by others to attack computer systems, and deface websites. ...


Types

Exploits can be categorized by the type vulnerability they exploit or the method of exploitation. Some of the common types of exploits, or "attacks", are:

In computer security and programming, a buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security. ... A heap overflow is another type of buffer overflow that occurs in the heap data area. ... In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code. ... A return-to-libc attack is a computer security attack usually starting with a buffer overflow, in which the return address on the stack is replaced by the address of another function in the program. ... Format string attacks are a new class of vulnerabilities discovered around 1999, previously thought harmless. ... A race condition or race hazard is a flaw in a system or process whereby the output of the process is unexpectedly and critically dependent on the sequence or timing of other events. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. ... Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. ... Cross-site request forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. ...

See also

This article describes how security can be achieved through design and engineering. ... Many current computer systems have only limited security precautions in place. ... Crimeware is a class of computer program designed specifically to automate financial crime. ... A shellcode is a relocatable piece of machine code used as the payload in the exploitation of a software bug which allows an unauthorised user to communicate with the computer via the operating systems command line as a result of exploiting a vulnerability in software running on the machine. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ... The Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. ...

External links


  Results from FactBites:
 
Exploit (computer security) - Wikipedia, the free encyclopedia (421 words)
In computer security, an exploit is a piece of software that takes advantage of a bug, glitch or vulnerability in order to gain control of a computer system or allow privilege escalation or a denial of service attack.
Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering methods.
Such exploits are referred to as 'zero day exploits' and to obtain access to such exploits is the primary desire of unskilled malicious attackers, often nicknamed script kiddies.
  More results at FactBites »

 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m